METHOD AND SYSTEM FOR DELIVERING SECRET KEY
ABSTRACT

PROBLEM TO BE SOLVED: To provide a method and a system for delivering a
secret key by which a first secret key can be delivered even in a
radio section between a mobile station and a public base station
without using such a high-degree cipher system as the public key
cryptosystem.

SOLUTION: After a mobile station (a) establishes an enciphered
communication channel between the station (a) and a master machine A in
which the station (a) is registered by using a preset second secret
key KAa shared between the station (a) and machine (A), the mobile
station (a) delivers a first secret key Kab to the machine A through
the enciphered communication channel. Then the machine A delivers the
first secret key Kab to a called wired terminal (b) through an ISDN 1.
ABSTRACT

PURPOSE: To enable a mobile station to be shared and to prevent illegal
use by specifying an authentication confirmation signal and an
authentication reply signal of a mobile set and a subscriber with a
random number and a secret key and starting the operation when both the
signals are coincident.

CONSTITUTION: A random number generating circuit 31 generates at first a
random number R for an authentication request in a base station and
transmits the number to a mobile station. A mobile set 30 enters the
random number R and secret keys K(sub s), K(sub p) of the mobile set
and subscriber to a signal conversion circuit 33 to obtain an
authentication reply and a communication ciphering key K(sub e1) and
transmits the authentication reply to the base station. The base
station inputs the random number R and secret keys K(sub s), K(sub p) to
a signal conversion circuit 32 to obtain an authentication reply and a
communication ciphering key K(sub e2). A comparator circuit 34 compares a
bit pattern of the authentication reply received from the mobile
station with a bit pattern of the authentication reply generated in the
base station, and enables the authentication of the mobile set when
they are coincident and disables the recognition in other cases. That is,
the authentication of the mobile set and the subscriber
authentication are implemented simultaneously by one authentication
procedure to share the mobile station by plural subscribers without
degradation in the throughput.



12/5/12 (Item 6 from file: 350)
DIALOG(R) File 350: Derwent WPIX
(c) 2005 Thomson Derwent. All rts. reserv.

013594411 **Image available**
WPI Acc No: 2001-078618/200109
XRPX Acc No: N01-201123

Secure transaction method for use between mobile terminal and server,
involves establishing USSD dialogue between terminal and proxy till
secure transaction is established
Abstract (Basic): WO 200078070 A1

NOVELTY - Proxy decomposes WML page from WAP server into USSD
and sends data to mobile terminal display. After establishment of
secure transaction, USSD dialogue is stopped and SAT application is
activated in terminal. Application shows details of transaction and
prompts for 'OK' to transaction. When user agrees, application signs
data with secret key and sends to proxy where data is assembled in
the WML format.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for
secure transaction apparatus for use between server and mobile
terminal.

USE - For enabling secure transaction between server and
mobile telephones.

ADVANTAGE - Very high level of security is maintained due to the
security aspect of the SIM card. The method can be used in different
applications, as it has to handle only the signing process in the SIM
card. Information browsing and security of transaction are independent
due to the system handling.

DESCRIPTION OF DRAWING(S) - The figure shows the block diagram of
secured WAP exchange using SAT back channel.
Mobile-communication dynamic secure grouping communication procedure,
involves performing encryption communication between base-station
and terminal using base-station group key
Number of Countries: 001 Number of Patents: 001
Abstract (Basic): JP 2000101566 A

NOVELTY - Two sets of disclosure key and secret key of
intrinsic disclosure key system are selected and grouped as lot and are
delivered to each terminal (2) forming terminal group key. The
remaining disclosure key and secret key are formed as base-station
group key and are maintained to base station (1). Thus,
encryption communication between terminal and base-station is
performed through base-station group key.

DETAILED DESCRIPTION - Several disclosure key and secret key of
intrinsic disclosure key system are provided to each terminal (2). The
base-station (1) which controls communication is connected to each
terminal through wireless circuit.

USE - For securing security of mobile communication system.

ADVANTAGE - Since common key is changed for every transmission,
safe and smooth group communication is enabled.

DESCRIPTION OF DRAWING(S) - The figure shows explanatory diagram of
mobile communication system which applies communication procedure.

Base-station (1)
Terminal (2)

pp; 12 DwgNo 1/9
Digital cordless telephone with safe secrecy key setting e.g. PHS - has
second key generator which generates secrecy key based on key generation
information from mobile sub-station
Abstract (Basic): JP 8018657 A

The telephone performs wireless transmission in which secret
key information is prevented from transmission. A base station (1)
is connected to the public circuit. The base station and the
mobile sub-station (10) carry out digital encoding of audio signal
and perform wireless transmission mutually. A first key generation
device (5) forms a secret key based on the key generation
information which is input into the mobile sub-station by a key
input device (13).

The key generation information is then transmitted to the base
station. A control device (2) controls the encoding by the secret
key. A second key generator (15) forms another secret key based on
the key generation information received from the mobile sub-station.
The secret key is then stored in a pair of key retainers (6, 16).

ADVANTAGE - Prevents transmission of secret key. Realizes safe
secrecy key. Realizes highly safe privacy function of secrecy key.

Dwg. 1/10

Title Terms: DIGITAL; CORD; TELEPHONE; SAFE; SECRET; KEY; SET; SECOND; KEY;
GENERATOR; GENERATE; SECRET; KEY; BASED; KEY; GENERATE; INFORMATION;
MOBILE; SUB; STATION
Index Terms/Additional Words: PERSONAL_HAND; HANDY; TELEPHONE
Derwent Class: W01
International Patent Class (Main): H04M-001/68
International Patent Class (Additional): H04L-009/06; H04L-009/14
File Segment: EPI



12/5/19 (Item 13 from file: 350)
DIALOG(R) File 350: Derwent WPIX
(c) 2005 Thomson Derwent. All rts. reserv.

010307578 **Image available**
WPI Acc No: 1995-208836/199528
XRPX Acc No: N95-163659

Key distribution and authentication for secure data traffic -
generating network key and backbone key for remote station at base
station
Abstract (Basic): EP 658021 A

The method of key distribution and authentication involves
installing a common hidden key (Km) and a unique identifier (UA) to
each station. In order to install one base station a preliminary
key (K1) is generated and installed. This triggers selection of a
network key (Knet) which is stored in a network manager. Another base
station is also installed and a key is selected for it based upon
that of the first base station.

A remote station is installed by choosing a name for it on the
basis of its identifier. The name is encrypted within the installed
station. A name parameter is computed and provided to the remote
station where it is stored. Pref., the preliminary key is randomly
generated within the network manager.

USE/ADVANTAGE - For wireless LAN transmission network. Easy to
use since stations can be initiated on site. Distribution of private
keys for LAN remote and base stations.
Resource use authorization sharing method e.g. for bank account, involves
forwarding secret key unit to server to perform partial operations on
message received from slave device
Abstract (Basic): EP 1383265 A1

NOVELTY - A secret key (d) is split into two units (d1,d2) at a
master device (11) acting as delegator of authorization. A piece of
information relating to the unit (d1) is forwarded to a slave device
(13) enabling the device to perform partial secret operation on a
message. The unit (d2) is forwarded to a server (12) enabling the
server to perform partial operations on the message received from the
slave device.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the
following:

(1) delegator;

(2) server for supporting chain delegation authorization use.

USE - For sharing authorization to use resources such as bank
account among devices such as mobile phones, personal digital
assistant (PDA), and personal computer.

ADVANTAGE - Since a security connection is established between
the slave device and the server, the computational workload on the
server is reduced, thus the capability of proposed authorization
delegation to the slave device is extended in a simple way.

DESCRIPTION OF DRAWING(S) - The figure shows a chained delegation
of authorization.

master device (11)
server (12)
slave device (13)
secret master key (d)
secret key units (d1,d2)
...INTERNATIONAL PATENT CLASS: H04L-009/08

...SPECIFICATION two-way data channel. As examples, both the HDTP and the
WTLS protocols require a handshake operation between the server and a
mobile device to establish a secure connection. Conventionally,
the two-way data channel is needed to provide the handshake operation. As
a...

...a two-way data channel; a network gateway coupled between the wired
network and the wireless carrier network, the network gateway includes
a secure connection processor that establishes a secure connection over
the first channel by exchanging security information over the second
channel; and a plurality of wireless mobile devices that can exchange
data with the server computers on the wired network via the wireless
carrier network and the network gateway. The messages are supplied from
the network gateway to the wireless mobile devices over the secure
connection established over the first channel.

As a mobile device capable of connecting to a network of computers
through a wireless link, an embodiment of the invention includes: a
display screen that displays graphics and text...



...SPECIFICATION degree)7, July 1998, page 1480-1497, represents the
closest prior art and discloses a handshake operation between a
server and a mobile device to establish a secure connection.
One problem with the conventional approach to establishing a secure
connection is that it requires a two-way data channel. As examples,
both the HDTP and the WTLS protocols require a handshake operation
between the server and a mobile device to establish a secure
connection. Conventionally, the two-way data channel is needed to
provide the handshake operation. As a...




15/3, K/9 (Item 9 from file: 348)
DIALOG(R) File 348: EUROPEAN PATENTS
(c) 2005 European Patent Office. All rts. reserv.



00687914
A method and system for key distribution and authentication in a data
communication network
Verfahren und System zur Schlusselverteilung und Authentifizierung in einem
Datenubertragungssystem
Procede et systeme de distribution de cle et authentification dans un
reseau de communication de donnees
PATENT ASSIGNEE:
  International Business Machines Corporation, (200120), Old Orchard Road,
    Armonk, N.Y. 10504, (US), (Proprietor designated states: all)
INVENTOR:
  Bjorklund, Ronald Einar, Villa "La Lezardiere", Chemin de Bezaudin 76,
    F-06510 Gattieres, (FR)
  Bauchot, Frederic, 299 Chemin du Vallon, La Tourraque, F-06640 Saint
    Jeannet, (FR)
  Wetterwald, Michele Marie, 32 Chemin de Saint Laurent, F-06800 Cagnes Sur
    Mer, (FR)
  Kutten, Shay, 41 Lenox Street, Rockaway, NJ 07866, (US)
  Herzberg, Amir, 3935 Blackstone Avenue, No. 4a, Bronx, NY 10471, (US)
LEGAL REPRESENTATIVE:
  de Pena, Alain (15151), Compagnie IBM France Departement de Propriete
    Intellectuelle, 06610 La Gaude, (FR)
PATENT (CC, No, Kind, Date): EP 658021 A1 950614 (Basic)
                             EP 658021 B1 010328
APPLICATION (CC, No, Date): EP 93480219 931208;
PRIORITY (CC, No, Date): EP 93480219 931208
DESIGNATED STATES: DE; FR; GB
INTERNATIONAL PATENT CLASS: H04L-009/08; H04L-009/32
ABSTRACT WORD COUNT: 161
NOTE:
  Figure number on first page: 2

LANGUAGE (Publication, Procedural, Application): English; English; English
FULLTEXT AVAILABILITY:
Available Text  Language   Update   Word Count
CLAIMS A        (English)  EPAB95      904
CLAIMS B        (English)  200113      878
CLAIMS B        (German)   200113      817
CLAIMS B        (French)   200113     1096
SPEC A          (English)  EPAB95     3678
SPEC B          (English)  200113     3720
Total word count - document A         4583
Total word count - document B         6511
Total word count - documents A + B   11094

INTERNATIONAL PATENT CLASS: H04L-009/08 ...
... H04L-009/32

...SPECIFICATION Another object of this invention is to provide such a
method for a so-called wireless LAN network combining both wireless
communications with wired LAN.

Still another object of this invention is to provide a method for
distributing private keys needed in an authentication procedure of
a wireless LAN remote and base stations.

These and other characteristics, objects and advantages of this
invention will become more apparent from...




15/3, K/21 (Item 9 from file: 349)
DIALOG(R) File 349: PCT FULLTEXT
(c) 2005 WIPO/Univentio. All rts. reserv.

00196992
A METHOD OF CARRYING OUT AN AUTHENTICATION CHECK BETWEEN A BASE STATION AND
A MOBILE STATION IN A MOBILE RADIO SYSTEM
PROCEDE D'EXECUTION D'UN CONTROLE D'AUTHENTIFICATION ENTRE UNE STATION DE
BASE ET UNE STATION MOBILE DANS UN SYSTEME DE RADIO MOBILE
Patent Applicant/Assignee:
  TELEFONAKTIEBOLAGET LM ERICSSON,
Inventor(s):
  WILKINSON Dent Paul,
  RAITH Alex Krister,
  DAHLIN Jan Erik Ake Steinar,
Patent and Priority Information (Country, Number, Date):
  Patent: WO 9114348 A1 19910919
  Application: WO 91SE66 19910129 (PCT/WO SE9100066)
  Priority Application: SE 90856 19900309
Designated States:
(Protection type is "patent" unless otherwise stated - for applications
prior to 2004)
  AU BR CA FI JP KR NO
Publication Language: English
Fulltext Word Count: 2444
International Patent Class: H04M-01:66
Fulltext Availability:
  Detailed Description
  Claims

Detailed Description
...formed
values of Resp 3. If the values coincide, connection of the call
continues to establish a speech connection.

The method steps according to block 7, 8 and 9 provide an authentication
check in which the mobile decides whether or not the base
station is authentic, since verification of the signal Resp 2 sent
from the base station takes place in the mobile, and against a
value Resp 2 calculated in said mobile...

... 2, 3 and 4 can be
carried out on a general control channel in the mobile radio
system, and the authentication check according to blocks 7-12 can
be carried out on the speech channel established between the base
station BS and the mobile MSk (blocks 5 and 6).
Figure 4 is a block diagram illustrating the f...
Vendors are adding EAP (Extensible Authentication Protocol) types,
including the EAP-MD-5 Challenge, EAP-Transport Layer Security (TLS), and
EAP-Tunneled Transport Layer Security (EAP-TTLS) authentication types, to
their solutions to possibly provide a better method for securing a
wireless LAN (WLAN) connection. LEAP (Lightweight EAP), which is also
known as EAP-Cisco Wireless, and PEAP (Protected EAP) are also available;
Microsoft, Cisco, and RSA Security developed PEAP to secure transport of
authentication data, including legacy password-based ports over 802.11
networks. LEAP is an EAP authentication type used mostly in Aironet WLANs
from Cisco and can work with existing legacy operating systems and
clients. LEAP has been licensed to other manufacturers, and LEAP's
availability should widen soon. Wi-Fi Protected Access (WPA) is an interim
security solution based on IEEE standards that is designed to work with
products on the market currently. WPA will be included in Wi-Fi Certified
products beginning in 2003. EAP-MD-5 Challenge is the oldest EAP
authentication type. It serves as a base level of support for 802.1x
devices, but is not recommended for WLANs. EAP-TLS supports
certificate-based and mutual authentication of the client and the network.
EAP-TTLS was developed as an extension of EAP-TLS and supports
certificate-based, mutual authentication of the client and network through
an encrypted channel and a way to derive dynamic, per-user, per-session
WEP keys.
Publication Language: English
Fulltext Word Count: 4615 

Main International Patent Class: H04L-009/08 
Fulltext Availability: 
Detailed Description 

English Abstract 

...recording of any session (70). From Sidyn(t) and Pjdyn(t) one can
calculate the dynamic session key between the two nodes
(Ki,jdyn(t)) (75). However, all other parties are still protected...

Detailed Description

... a key recovery authority (KRA) and every pair of nodes share a
permanent and a dynamic session key with each other. When two nodes
initiate communication, the nodes exchange dynamic public keys (encrypted
...a recording of any session. From Sidyn(t) and Pjdyn(t) one can calculate
the dynamic session key between the two nodes (Ki,jdyn(t)).
However, all other parties are still protected since... of any session.
From Sidyn(t) and Pjdyn(t) one can calculate the dynamic session key
between the two nodes However, all other parties are still protected
since their dynamic public...
Abstract (Basic): US 20040019786 A1

NOVELTY - An alternatively-hashed user Unicode password associated
with a client user name, is retrieved. A message digest 4 (MD4) hash of
the user password is performed, to create an MD4 hashed password. The
client is authenticated through lightweight extensible authentication
protocol (LEAP) using MD4 hashed password, where authentication
request data has non-MD4 hashed password.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the
following:

(1) password authentication program;

(2) recorded medium storing password authentication program;

(3) non-MD4 encoding client authentication method;

(4) authentication server;

(5) network; and

(6) 802.11 compatible client.

USE - For password authentication in lightweight extensible
authentication protocol (LEAP) for operating wireless device.

ADVANTAGE - Provides an alternative database on the network, such
that the authentication server can access the alternative database
during the lightweight extensible authentication process.

DESCRIPTION OF DRAWING(S) - The figures show the flow diagram of
the LEAP encryption process.

pp; 35 DwgNo 4a, 4b/11
Abstract (Basic): EP 1223565 A1

NOVELTY - A random session key is transmitted between a terminal
(102) and a smartcard (104). A card key (Kd) equal to the card key of
the smartcard is generated at the terminal based on the key to
authenticate a valid smartcard. A terminal identifier which is equal to
terminal identifier of the transaction terminal is generated at the
smartcard based on the key to authenticate a valid terminal.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for the
following:

(1) Smartcard;

(2) Terminal;

(3) Smartcard command set;

(4) Session key generation method;

(5) Dynamic session key;

(6) Set of instructions used in transaction process;

(7) Commit command;

(8) Roll-back mechanism; and

(9) Integrated circuit.

USE - For mutually authenticating transaction in public transport
system such as train or bus system, in fare or debit-based application
such as parking and taxis.

ADVANTAGE - Provides high level of security and ensures data
integrity with fast commit processing and fast transaction time by
transmitting random session key between the terminal and smartcard.

DESCRIPTION OF DRAWING(S) - The figure shows the flowchart
illustrating the terminal-smartcard mutual authentication method.

Terminal (102)
Smartcard (104)